[tahoe-lafs-trac-stream] [Tahoe-LAFS] #2193: pyOpenSSL 0.14 pulls in a bunch of new dependencies
Tahoe-LAFS
trac at tahoe-lafs.org
Tue Apr 15 16:17:18 UTC 2014
#2193: pyOpenSSL 0.14 pulls in a bunch of new dependencies
-------------------------+-------------------------------------------------
Reporter: daira | Owner: daira
Type: defect | Status: assigned
Priority: major | Milestone: 1.11.0
Component: | Version: 1.10.0
packaging | Keywords: packaging setuptools pyopenssl
Resolution: | cryptography six cffi pycparser
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by daira):
Replying to [comment:28 daira]:
> However, attempting to import dependent packages from `setup.py` has
caused problems in the past and I'm not entirely sure it's a good idea.
One important problem is that if the `setup.py` process imports `OpenSSL`
but it turns out to be broken or vulnerable, then there is no way to
"unimport" it (well, not reliably), and this may cause problems later in
the build. It would be possible to shell out to a `check_pyopenssl.py`
script in a separate process, but that's getting rather complicated.
gdt: would it be sufficient for you to just patch the `pyOpenSSL == 0.13`
requirement in `src/allmydata/_auto_deps.py` in your pkgsrc packaging of
Tahoe-LAFS 0.11?
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/2193#comment:30>
Tahoe-LAFS <https://Tahoe-LAFS.org>
secure decentralized storage
More information about the tahoe-lafs-trac-stream
mailing list